Speak HIPAA Like a Native: A Guide to Common HIPAA Nomenclature
University of Miami Ethics Programs


“HIPAA”
● Health Insurance Portability and Accountability Act of 1996
● two main goals:
  – making health insurance more portable when persons change employers
  – making the health system more accountable – especially, reducing waste and fraud

“administrative simplification”
● promoting efficiency in the health care system, particularly by more use of computers
● four “rules” that set standards for collection, use and disclosure of health information:
  – Transactions and Code Sets Rule
  – Identifier Rule (unique IDs for providers, plans, employers and, maybe, patients)
  – Security Rule (for electronic health information)
  – Privacy Rule (for all health information)

“protected health information (PHI)”
● HIPAA protections extend to any identifiable information related to the “past, present or future physical or mental health condition” of a person
● “in any form or medium”
● only adequately “de-identified information” is exempt:
  – information that contains no direct identifiers
  – it would be virtually impossible to identify from the indirect ones that remain

“HIPAA rights”
● HIPAA provides rights to patients for their PHI:
  – “access” – to see, get copy of one's records
  – “amendment” – to request correction, statement of disagreement when errors found
  – “accounting” – to get a list of (some of) the entities to which/whom one's record has been disclosed
  – for especially sensitive information, can request extra protections and/or confidential communications
  – to complain about, get resolution of, privacy problems

“covered entities”
● HIPAA protections for PHI put obligations on almost every organization that provides or pays for health care in the US:
  – health plans (health insurers, HMOs, etc.)
  – health care providers (that use electronic transactions)
  – health information clearinghouses (businesses that specialize in health data processing)

“HIPAA obligations”
● covered entities must have appropriate privacy and security policies, which include:
  – role-based rules on information use
  – training and sanctions to ensure that workforce practices follow policies

“workforce” “workforce education”
● obligations for a covered entity actually fall on its “workforce”
  – includes every employee, and every volunteer
● every member of a covered entity's workforce must be educated
  – “as necessary and appropriate” to do his/her job

“business associates”
● companies that handle health information on a covered entity's behalf are also reached by HIPAA:
  – covered entities must enter into contracts with all business associates
  – limited obligation for covered entities to monitor business associates' practices

“state preemption”
● state laws that provide “more stringent” privacy protection remain in force:
  – HIPAA provides a floor of protections for everyone
  – state laws that are “more stringent” are not preempted by HIPAA
  – state laws relating to public health and health system oversight also remain in force

“notice of privacy practices”
● every patient will receive a Notice from their “direct treatment providers” informing them of:
  – their rights
    ● access, correction, accounting, special protections and communications, and complaint processes
  – the covered entity's obligations for
    ● appropriate privacy and security policies
    ● workforce training in those policies
    ● business associate monitoring

“acknowledgment of notice”
● “direct treatment providers” must make an effort to get written acknowledgment of receipt of the notice, from each patient:
  – the notice must also be posted in a facility, and copies must be available
  – acknowledgement process provides an opportunity for patients to discuss privacy issues with providers
● health plans must also issue such notices periodically

“treatment, payment, healthcare operations (TPO)”
● acknowledgment constitutes permission for a broad range of “routine” transactions:
  – for any and all treatment needs
  – to secure payment for that treatment
  – for a very long list of other “health care operations”
● “consent” is not required from patient for TPO

“authorization”
● patients must sign a written authorization for non-routine uses beyond TPO
  – certain kinds of fundraising, research, marketing
● authorizations specify who is receiving protected information, for what purpose, and for how long
● stricter state laws may impose additional authorization (or consent) requirements

“agree or object”
● for a few kinds of routine practices, only an opportunity for oral agreement (or objection) is required:
  – including patient's name and condition in a facility's “directory information”
  – discussions of patient's condition with immediate family members

“no opportunity to agree or object”
● a large number of disclosures can occur without patient permission, just as now:
  – for public health (reporting of diseases and conditions)
  – to report child abuse, neglect, domestic violence
  – for law enforcement investigations
  – for judicial or administrative proceedings
  – to avert a serious, immediate threat to public safety
  – for national security purposes

“minimum necessary”
● the most important general rule under HIPAA is that use and disclosure of patient's protected health information should be no more than necessary to get the job done:
  – the regulations acknowledge that “incidental uses and disclosures” inevitably happen
  – all that is required is “reasonable” effort by health care workforce to achieve minimum necessary

“reasonable, appropriate security”
● attention to technical, physical and administrative measures:
  – computer and communications protections, door locks and alarms, policies about information use
  – protections need only be “reasonable” for the circumstances, given costs and current technology
  – protections must also be appropriate to the kind and amount of information being protected

“complaints of violations”
● any patient may complain to the institution's “privacy officer” or to the US Department of Health and Human Services
  – institutions must respond promptly and take appropriate action as needed
● workforce members may complain to privacy officer or DHHS:
  – with reasonable, good faith belief, and disclosing no more than necessary
  – no intimidating, retaliatory acts by covered entity

“compliance date”
● Privacy Rule
  – 14 April 2003 (large entities, >$5M annual revenues)
  – 14 April 2004 (small entities)
● other Rules after that, over coming years
● covered entities are already bound by applicable state health information laws

“sanctions”
● institutional reputation – loss of business, profits
● employee suspension or termination
● loss of license to practice
● civil fines
● criminal fines and imprisonment

“HIPAA sanctions”
● civil
  – $100 each violation, up to $25,000/person/year
  – liability if knew, or reasonably should have known, and no attempted cure
● criminal
  – “knowing”: up to $50,000, 1 year in prison
  – “under false pretenses”: $100,000, 5 years
  – with “malice” or intent for “personal or commercial gain”: $250,000, 10 years

This presentation may be re-used for non-commercial, educational purposes, with appropriate credit to the source. Any other use requires prior written permission. Information presented herein is believed to be correct at the time of posting. However, these materials are intended for education purposes only; they are not intended or represented as legal advice. UM Ethics Programs, PO Box (M-825), Miami FL 33101